PT-2023-29692 · Yettiesoft · Vestcert
Name of the Vulnerable Software and Affected Versions: Yettiesoft VestCert versions 2.36 to 2.5.29 Description: A vulnerability exists in Yettiesoft VestCert due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote co...
com.chutneytesting:chutney-kotlin-dsl (>=0.1.18 <=1.0.1), com.codbex.aion:codbex-aion-platform (>=0.5.6 <=0.5.7) +150 more potentially affected by CVE-2023-46604 via org.apache.activemq:activemq-openwire-legacy (>=5.17.0 <=5.17.5)
org.apache.activemq:activemq-openwire-legacy MAVEN version =5.17.0, =0.1.18, =0.5.6, =0.5.6, =0.5.6, =0.3.0, =0.3.0, =0.5.3, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.4.0 and more Source cves: CVE-2023-46604 Source advisory:...
CVE-2023-46503
Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules...
YXBOOKCMS Cross-Site Scripting Vulnerability
YXBOOKCMS is a content management system by PwnCYN individual developers. A security vulnerability exists in YXBOOKCMS v.1.0.2, which allows remote attackers to execute arbitrary code via the reader management and book input modules...
CVE-2023-46503
CVE-2023-46503 concerns PwnCYN YXBOOKCMS v1.0.2 with a Cross-Site Scripting (XSS) issue exploitable via the reader management and book input modules. The vulnerability is described as allowing a remote attacker to execute arbitrary code through these modules. CVSS‑3.1 metrics indicate a MEDIUM ba...
CVE-2023-41095
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier...
Design/Logic Flaw
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier...
Design/Logic Flaw
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier...
CVE-2023-41095
Silicon Labs OpenThread SDK (32-bit ARM, SecureVault High modules) is affected by CVE-2023-41095 due to missing encryption of security keys. The vulnerability could allow modification or extraction of network credentials stored in flash. Affected versions: 2.3.1 and earlier. Root cause: lack of e...
The vulnerability of the Web page rendering modules in WebKitGTK+ and WPE WebKit lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Web page rendering modules in WebKitGTK+ and WPE WebKit relates to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Linux rootkits explained – Part 2: Loadable kernel modules
Part 2 dives into the world of LKMs (Loadable Kernel Modules) and kernel-space rootkits to explore what LKMs are, how attackers abuse them, and how to detect them...
ai.platon.pulsar:pulsar-beans (>=1.12.0 <=2.1.0), ai.platon.pulsar:pulsar-filter (>=1.12.0 <=2.1.0) +2775 more potentially affected by CVE-2023-46120 via com.rabbitmq:amqp-client (>=1.7.2 <=5.17.1)
com.rabbitmq:amqp-client MAVEN version =1.7.2, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =0.1, =1.0.4, =1.0.4, =0.1, =0.1, =1.0.8, =1.0.8, =3.0.0 and more Source cves: CVE-2023-46120 Source advisory: OSV:GHSA-MM8H-8587-P46H...
varnish security update
varnish 6.0.8-3.1 - Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487 varnish-modules...
SUSE-SU-2023:4160-1 Security update for suse-module-tools
This update for suse-module-tools fixes the following issues: - Updated to version 15.1.25: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module bsc1210335. - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules bsc1205767, jscPED-5731...
[SECURITY] Fedora 38 Update: ansible-core-2.14.11-1.fc38
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
[SECURITY] Fedora 37 Update: ansible-core-2.14.11-1.fc37
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
The vulnerability of microprogramming software for communication modules of SIMATIC CP, related to access control deficiencies, allows an intruder to execute arbitrary code.
The vulnerability of microprogramming software for communication modules of SIMATIC CP is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder to execute arbitrary code...
Enabled modules after been activated cannot subsequently be disabled
Lines of code Vulnerability details Impact Modules are third party accounts and they have some level of access to the GnosisSafe depending on configuration by the account owner. Therefore, they are created and assigned by account owners and they can execute transactions independently but they...
There is still a risk that operators or executors can backdoor the subaccount.
Lines of code Vulnerability details Impact The checkSubAccountSecurityConfig function ensures that the guard and fallback handler have not been disabled or updated, and that the owner console as a module has not been disabled by any operators or executors. This helper function is used as a last...
Ubuntu 16.04 ESM : containerd vulnerabilities (USN-5521-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5521-1 advisory. It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were...